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REMARKS 

Claims 1-42 are pending in the application, with claims 1, 13, 22, 28, 31, 33, and 37 
being independent. Claims 13-19 and 31 have been amended by this response, and new claims 
33-42 have been added. Reconsideration and allowance of Applicant's claims are respectfully 
requested in light of the following remarks. 

The specification was objected to for informalities. Applicant has amended the 
specification as suggested to correct these informalities. No new matter has been added. 
Therefore, it is respectfully requested that the objection be withdrawn. 

Claim 31 was objected to for informalities. Claim 1 has been amended as suggested by 
the Examiner to correct the inadvertent reference to proxy sever instead of target server. One 
skilled at the art reading the claim would ascertain, as the Examiner did, that the claim intended 
to reference a target server. Therefore, this amendment is not directed to a matter of patentability 
and does not change the scope of the claim. Withdrawal of the objection to claim 31 is 
respectfully requested. 

Claims 1, 4, 11, 12, 22, and 28 were rejected under 35 U.S.C. § 103(a) as allegedly being 
unpatentable over U.S. Patent No. 5,673, 322 to Pepe et al. ("Pepe") in view of the article "How 
to Make Personalized Web Browsing Simple, Secure, and Anonymous" by Gabber et al 
("Gabber"). This rejection is respectfully traversed. 

Applicant's claim 1 recites, among other things, "intercepting a request from a client 
computer that is directed to a target server; encrypting profile information; augmenting the data 
request by adding the encrypted profile information; and sending the augmented data request to 
the target server." Claim 22 recites similar elements in the form of a computer program. It is 
respectfully submitted that Pepe and Gabber, either alone or in combination, do not describe or 
suggest these elements of Applicant's claims 1 and 22. 

Pepe describes a split proxy interface. A local proxy 56 and remote proxy 66 are 
provided between a web browser 54 and an external web server 68. The local proxy 56 
encapsulates TCP/IP requests received from the web browser 59 into a CGI script query that is 
provided to the remote proxy 66. The remote proxy 66 unpackages the CGI script query and 
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executes a standard www query to web server 68. The web server 68 returns a data object to the 
remote proxy 66. The remote proxy compresses, filters, encrypts, and places the data object in a 
reply script that is sent to the local proxy 56. The local proxy 56 matches the reply script with 
the request script, and passes the data object to the client browser 54. (See, e.g., Fig. 5 and cols. 
11 and 12.) 

As such, the client request of Pepe is not encrypted (the response is). Moreover, the 
client request is converted by the local proxy 56 into a CGI script query, a response to which 
may be encrypted based on settings within the script query. But the query itself is not encrypted 
in Pepe. Furthermore, no mention of user profile information is found in Pepe. As a result, Pepe 
does not describe or suggest "encrypting profile information; augmenting the data request by 
adding the encrypted profile information." 

Pepe also does not describe or suggest "sending the augmented data request to the target 
server." According to Pepe, the query script is sent to a remote proxy (not the target sever 68) 
that unpackages the query script. The remote proxy executes a standard www query to the target 
server 68. As such, no augmented data request reaches the target server. 

Gabber does not provide for the deficiencies of Pepe. For example, Gabber does not 
describe "encrypting profile information; augmenting the data request by adding the encrypted 
profile information; and sending the augmented data request to the target server." Gabber does 
not send any profile information of the user (encrypted or otherwise) to the remote site. Gabber 
is directed to making web browsing anonymous so that the target server does not know who is 
contacting the web server. As a result, Gabber does not provide any user profile information to 
the target server in order to preserve the anonymity of the user. 

Claim 4 recites, among other things, "retrieving the profile information from a database 
based on an identity of a user." With regard to claim 4, the Action states "Pepe does not disclose 
the retrieval of user profile information from a database. Gabber teaches the use of user 
information by the proxy server to be sent along with the user request to the web server. This is 
indicative of retrieving the user information from a kind of storage, i.e.[,] a database containing 
user information." This statement is incorrect. As pointed out above, Gabber does not send user 
information to the target web server. In addition, the proxy of Gabber does not store user 
information (page 26 "no private user information stored between interactions"). The user of 
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Gabber must reenter information when contacting the proxy each time the user want to access 
information of the target web site (because the information is not stored by the proxy). There is 
no mention of a database or retrieving profile information from a database based on an identity 
of a user, as recited in Applicant's claim. 

Claims 11 and 12 depend from claim 1 and are believed to be allowable for at least the 
reasons given for claim 1 above. 

Claim 28 recites, "a proxy server comprising: a database comprising records storing user 
profile information; a network interface operatively coupled to a network to exchange data with a 
client computer and with a target server; and a processor operatively coupled to the network 
interface, the database, and a memory comprising executable instructions for causing the 
processor to intercept a data request that is directed to a target server, retrieve a record from the 
database, encrypt profile information in the record, augment the data request by adding the 
encrypted profile information, and send the augmented data request to the target server." It is 
respectfully submitted that Pepe and Gabber, either alone or in combination, do not describe or 
suggest these elements of Applicant's claim 28. 

Neither Pepe, nor Gabber describe a proxy server that includes a database comprising 
records storing user profile information. Furthermore, neither Pepe nor Grabber describe 
retrieving a record from the database and encrypting profile information from the record. The 
Action does not point out or explain how Pepe or Gabber teach or suggest at least these elements 
of Applicant's claim 28. If any rejection of claim 28 is maintained, it is respectfully requested 
that the Action point out with particularity where Pepe or Gabber teach such elements so that 
pplicant may respond. 

It is respectfully submitted that Pepe and Gabber do not establish a prima facie case of 
obviousness with regard to Applicant's claims 1, 4, 11, 12, 22, and 28. Therefore, 
reconsideration and withdrawal of the rejection of claims 1,4, 11, 12, 22, and 28 are respectfully 
requested. 

Claims 2, 3, 5, 23, and 29 were rejected under 35 U.S.C. § 103(a) as allegedly being 
unpatentable over Pepe in view of Gabber and U.S. Patent No. 6,049,877 to White ("White"). 
This rejection is respectfully traversed. 
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Claims 2, 3, 5, 23, and 29 depend from claims 1, 22, and 28, respectively, and are 
believed to be allowable for at least the reasons given above for claims 1, 22, and 28. In 
particular, White does not remedy any of the deficiencies of Pepe or Gabber that are noted above 
with respect to claims 1, 22, and 28. As such, it is respectfully submitted that Pepe, Gabber, and 
White, alone or in combination, do not establish a prima facie case of obviousness with regard to 
claims 2, 3, 5, 23, and 29. Therefore, reconsideration and withdrawal of the rejection of these 
claims are respectfully requested. 

Claims 6-10, 24, and 30 were rejected under 35 U.S.C § 103(a) as allegedly being 
unpatentable over Pepe in view of Gabber and U.S. Patent No. 6,253,326 to Lincke et al 
("Lincke"). This rejection is respectfully traversed. 

Claims 6-10, 24, and 30 depend from claims 1, 22, and 28, respectively, and are believed 
to be allowable for at least the reasons given for claims 1, 22, and 28. In particular, Lincke does 
not remedy any of the deficiencies of Pepe and Gabber that are noted above with respect to 
claims 1, 22, and 28. As such, it is respectfully submitted that Pepe, Gabber, and Lincke, alone 
or in combination, do not establish a prima facie case of obviousness with regard to claims 6-10, 
24, and 30. Therefore, reconsideration and withdrawal of the rejection of these claims are 
respectfully requested. 

Claims 13-15, 18, 25, 27, 31, and 32 were rejected under 35 U.S.C. § 103(a) as allegedly 
being unpatentable over Pepe in view of the article by Petitcolas ("Petitcolas"). Claim 13 has 
been amended to obviate the rejections of claim 13-15 and 18. This rejection is respectfully 
traversed with regards to claim 25, 27, 31, and 32. 

Claim 13 now recites, among other things, "receiving an augmented data request 
including an encrypted user profile information added by a proxy server." Claim 25 recites, 
among other things, to "receive a data request comprising encrypted profile information added to 
the data request by a proxy server." Claim 31 recites, among other things to "decrypt user 
profile information added to the data request by the target server." It is respectfully submitted 
that Pepe and Petitcolas, either alone or in combination, do not describe or suggest at least these 
elements of Applicant's claims 13, 25, and 31. 

With regard to claims 13, 25, and 31, as explained above, Pepe does not describe or 
suggest a proxy server that adds encrypted user profile information to a data request sent to a 
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target server. Petitcoloas does not remedy any of the deficiencies of Pepe. Petitcolas also 
describes a split proxy system including a client-side secure proxy and the server-side secure 
proxy. However, as in Pepe, Peticolas does not describe augmenting a data request with 
encrypted user profile information. 

Claims 14, 15, 18, 27, and 32 depend from claims 13, 25, and 31, respectively, and are 
believed to be allowable at least for the reasons given above for claims 13, 25, and 31. 

In view of at least the above, it is respectfully submitted that Pepe and Petitcolas do not 
establish a prima facie case of obviousness with regard to claim 13, 25, and 31. Therefore, 
reconsideration and withdrawal of the rejection of claim 13, 25, and 31 are respectfully requested. 

Claims 16, 17, 19-21, and 26 were rejected under 35 U.S.C. § 103(a) as allegedly being 
unpatentable over Pepe in view of Petitcolas and White. This rejection is respectfully traversed. 

Claims 16, 17, 19-21, and 26, depend from claims 13 and 25, respectively, and are 
believed to be allowable for at least the reasons given for claims 13 and 25. In particular, White 
does not remedy the deficiencies of Pepe and Petitcolas that are noted above with respect to 
claims 13 and 25. As such, it is respectfully submitted that Pepe, Petitcolas, and White, alone or 
in combination, do not establish a prima facie case of obviousness with regard to claims 16, 17, 
19-21, and 26. Therefore, reconsideration and withdrawal of the rejection of these claims are 
respectfully requested. 

It is respectfully submitted that the claims are in condition for allowance, and an early 
notice of the same is respectfully solicited. If any questions remain, the Examiner is invited to 
contact the undersigned attorney at the telephone number listed below. Please apply any charges 
or credits to Deposit Account No. 06-1050. 
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Versi n with markin2S to show changes made 

IN THE SPECIFICATION 

Please replace the paragraph beginning at page 4, line 1 with the following rewritten 
paragraph: 

In general, in another aspect, the invention features an information server that includes a 
network interface, a processor, and a memory. The network interface operatively couples the 
information server to a proxy server. The processor is operatively coupled to the network 
interface and to the memory. The memory includes executable instructions for causing the 
processor to receive a data request from the proxy server, decrypt user profile the information 
added to the data request by the [target] proxy server; and use the decrypted user profile 
information to generate a response to the data request. 

Please replace the paragraph beginning at page 9, line 1 8 with the following rewritten 
paragraph: 

The web server's public key file is returned to the proxy server [503] 502 in a HTTP 
response 513. The web server 503 may provide additional SecureData protocol information in 
HTTP fields of response 513 and/or in the public key file returned by the response message 513. 
For example, HTTP fields in response 513 may specify a time to live (TTL) for the key. The 
TTL value can be used to indicate the period during which the public key is valid. 

Please replace the paragraph beginning at page 12, line 9 with the following rewritten 
paragraph: 

When request 514 is received by the web server 503, the request can be passed to proxy 
data exchange filter software that can extract the added fields 304-305 [205] from the request 
514, decrypt the session key and the user profile information contained in the fields 304-305 
[205] and make the user profile information available to web server applications. The user 
profile information may be made available to web server applications by setting HTTP 
environment variables, by storing it in a database, by placing it in shared memory, and/or using 
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other data exchange techniques. The proxy data exchange filter software may then pass the 
request 514 back to the web server for further processing and for generation of a response 515. 



IN THE CLAIMS 



13. A data transfer method performed at an information server, the method comprising: 
receiving [a] an augmented data request including encrypted user profile information 

added by [from] a proxy server; 

extracting the encrypted user profile information added to the data request by the proxy 

server; 

using the extracted profile information to generate a response; and 
sending the response to the proxy server. 

14. The method of claim 13 wherein using the extracted user profile information to 
generate a response comprises providing the extracted user profile information to a web 
application and generating the response by processing the web application. 

15. The method of claim 14 wherein providing the extracted user profile information 
comprises setting HTTP environment variables at a web server and wherein the web application 
comprises a common gateway interface script. 

16. The method of claim 13 further comprising storing the extracted user profile 
information at the information server and associating a reference token with the stored user 
profile information, and wherein the response further comprises the reference token. 



17. The method of claim 16 further comprising: 

receiving from the proxy server a second data request comprising the reference 

token; 

extracting the reference token from the second data request; 
~~ accessing the stored user profile information based on the reference token; and 
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using the stored user profile information to generate a response to the second data 



request. 



18. The method of claim 13 wherein extracting the user profile information comprises 
decrypting the user profile information. 

19. The method of claim 18 wherein the data request further comprises a session key 
added to the data request by the proxy server and wherein decrypting the user profile information 
comprises using the session key to decrypt the user profile information. 

3 1 . An information server comprising: 

a network interface operatively coupling the information server to a [proxy] target server; 

and 

a processor operatively coupled to the network interface and to a memory comprising 
executable instructions for causing the processor to receive a data request from the proxy server, 
decrypt user profile information added to the data request by the target server; and use the 
decrypted user profile information to generate a response to the data request. 



Please add the following new claims 33-42. 



33. A method performed at a proxy server, the method comprising: 
receiving a request from a client; 

determining destination information associated with the request; 
determining a target server associated with the destination information should 
receive user profile information; 

augmenting the request by adding encrypted user profile information; and 
sending the augmented request to the target server. 



34. The method of claim 33 further comprising: 

determining a valid public key for the target server; 
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encrypting a session key using the public key; and 
augmenting the request by adding the encrypted session key 

35. The method of claim 34 further comprising: 

determining a valid public key for the target server; 
encrypting a session key information using the public key; 
encrypting the user profile information using the encrypted session key; and 
augmenting the request by adding the public key, encrypted session key, and 
encrypted user profile information to the request. 



36. The method of claim 33 wherein determining the target server should receive user 
profile information includes querying a database associated with the proxy server to determine if 
the target server should receive user profile information. 



37. The method of claim 33 further comprising receiving a token from the target server 
and providing the token with other requests associated with the user profile that are directed to 
the target server. 

38. A system comprising: 
a proxy server to: 

receive a request from a client; 

determine a destination information associated with the request; 
determine a target server associated with information should receive user profile 
information; and 

augment the request by adding encrypted user profile information; and 
to send the augmented request to the target server. 

39. The system of claim 38 wherein the proxy server is configured to: 
"~ " determine a valid public key for the target server; 
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target server. Petitcoloas does not remedy any of the deficiencies of Pepe. Petitcolas also 
describes a split proxy system including a client-side secure proxy and the server-side secure 
proxy. However, as in Pepe, Peticolas does not describe augmenting a data request with 
encrypted user profile information. 

Claims 14, 15, 18, 27, and 32 depend from claims 13, 25, and 31, respectively, and are 
believed to be allowable at least for the reasons given above for claims 13, 25, and 31. 

In view of at least the above, it is respectfully submitted that Pepe and Petitcolas do not 
establish a prima facie case of obviousness with regard to claim 13, 25, and 31. Therefore, 
reconsideration and withdrawal of the rejection of claiml3, 25, and 31 are respectfully requested. 

Claims 16, 17, 19-21, and 26 were rejected under 35 U.S.C. § 103(a) as allegedly being 
unpatentable over Pepe in view of Petitcolas and White. This rejection is respectfully traversed. 

Claims 16, 17, 19-21, and 26, depend from claims 13 and 25, respectively, and are 
believed to be allowable for at least the reasons given for claims 13 and 25. In particular, White 
does not remedy the deficiencies of Pepe and Petitcolas that are noted above with respect to 
claims 13 and 25. As such, it is respectfully submitted that Pepe, Petitcolas, and White, alone or 
in combination, do not establish a prima facie case of obviousness with regard to claims 16, 17, 
19-21, and 26. Therefore, reconsideration and withdrawal of the rejection of these claims are 
respectfully requested. 

It is respectfully submitted that the claims are in condition for allowance, and an early 
notice of the same is respectfully solicited. If any questions remain, the Examiner is invited to 
contact the undersigned attorney at the telephone number listed below. Enclosed is a check in 
the amount of $348 for additional claim fees. Please apply any charges or credits to Deposit 
Account No. 06-1050. 



